Ransomware Roundup: 06.24.22

This week’s round up…

‍

• More than half of ransomware victims lose a client  
• Ransomware does not think of the children
• The other RaaS: Ransomware as a Smokescreen
• Another manufacturer halted by ransomware
• The extended legacy of the Colonial Pipeline attack, legislation
  ‍

More than half of ransomware victims lose a client

Phil Hall of Westchester and Fairfield County journal reported on a survey that found more than half of the victims of a ransomware attack lost at least one client.

‍

“The survey, which polled 300 ransomware victims, found only 11% of respondents reporting the ransomware payment was the most consequential impact of the ransom

ware attack,” Hall wrote.

‍

Brand damage is cited as a cost of a successful ransomware attack, but the ultimate results of this have been somewhat ephemeral. This survey illustrates the consequences to reputation lost as a result of a breach.

‍

Ransomware does not think of the children

‍

The good news: 2021 saw a double-digit decrease by percentage in ransomware attacks against United States schools and colleges. The bad news: Despite this, ransomware still cost places of learning more than $3.5 billion (about $11 per person in the US) in that year alone.

‍

“Schools districts have become a popular target for cyberattacks, particularly ransomware, in recent years due to the fact that many are running outdated computer systems and don't have the same financial or staffing resources for cybersecurity that many private companies do,” Bree Fowler wrote in CNET article.

‍

The report, conducted by cybersecurity research firm Comparitech, was cautious about its rosier picture of 2022.

‍

“Based on what has been reported already for the year, the downtime and recovery times are significantly lower than in previous years (just over two days and 22 days respectively). However, with the impact of attacks often not being felt/reported on accurately until months later, downtime figures may rise but it’s likely they will still be lower than previous years,” the researchers wrote in the report.
‍

The other RaaS: Ransomware as a Smokescreen

‍

Charlie Osborne at ZDNet reported on research conducted by SecureWorks that detailed HUI Loader, which is assumed to be the product of state-backed actors and has been found to deliver one of several strains of ransomware. The motivation behind deploying malware, however, is noteworthy.

‍

“The victimology, short lifespan of each ransomware family, and access to malware used by government-sponsored threat groups suggest that BRONZE STARLIGHT’s main motivation may be intellectual property theft or cyberespionage rather than financial gain. The ransomware could distract incident responders from identifying the threat actors’ true intent and reduce the likelihood of attributing the malicious activity to a government-sponsored Chinese threat group,” the researchers wrote in the report.

‍

Victims of the malicious actors include Brazilian pharmaceutical companies, a US media outlet, Japanese manufacturers and a major Indian organization's aerospace and defense division, according to Osborne.

‍

Another manufacturer halted by ransomware

‍

Automotive manufacturer Nichirin fell victim to a ransomware attack from an unnamed actor, reported Bill Toulas at Bleeping Computer. Threat groups often target factories because the scope of disruptions provides compelling “incentive” to pay the extortion fee.

‍

Nichirin “moved operations into manual mode” reported Toulas and that customers should expect delays in receiving their orders. The company temporarily took its website offline while it determined the scope of the attack but is now focused on returning to full operation.

‍

“In an official statement [PDF, Japanese] yesterday, Nichirin underlines that system recovery has been prioritized to resume business operations. The company is currently investigating how the unauthorized access happened and is trying to determine ‘the effects of information leakage’,” Toulas reported.

‍

This is the second noteworthy attack to be featured in the Ransomware Roundup as Foxconn suffered a disruptions earlier this month.

‍

The extended legacy of the Colonial Pipeline attack, legislation

‍

United States President Joe Biden signed two pieces of legislation to help mitigate the results of events like the SolarWinds and Colonial Pipeline attacks, reported Martin Matishak at The Record.  

‍

The State and Local Cybersecurity Act will empower the Cybersecurity and Infrastructure Security Agency to “provision of assistance and education related to cyber threat indicators, proactive and defensive measures and cybersecurity technologies, cybersecurity risks and vulnerabilities, incident response and management, analysis, and warnings.”

‍

The Federal Rotational Cyber Workforce Program Act is intended to develop cybersecurity expertise in the federal government “in an effort to compete with the usually more lucrative private sector,” Matishak reported.

‍

Thanks to the reporters and researchers

‍

Shout out to the following people for their original reporting and research referenced in this week’s Ransomware Roundup.

‍

Phil Hall at Westfair & Chester County Business Journals  for their reporting on Study: 60% of ransomware victims lost a client due to an attack.

• LinkedIn

• Twitter

‍

Bree Fowler at CNET for their reporting on Ransomware Cost US Schools $3.56 Billion in 2021, Study Says.

• LinkedIn
• Twitter

‍

Charlie Osborne at ZDNet for their reporting on These hackers are spreading ransomware as a distraction - to hide their cyber spying.

• LinkedIn
• Twitter

‍

Bill Toulas at Bleeping Computer for their reporting on Automotive hose maker Nichirin hit by ransomware attack.

• LinkedIn
• Twitter

‍

Martin Matishak at The Record by Recorded Future for their reporting on Biden signs a pair of cybersecurity bills into law.

• LinkedIn
• Twitter